We've found our Windows 7 systems are reliable about obtaining kerberos
tickets when users login at our site (all user accounts are
authenticated against an MIT kerberos KDC during login).
Obtaining AFS tokens at the same time is not as reliable. Going into
Network Identity Manager and renewing credentials typically will obtain
tokens. Running aklog will obtain tokens. 90-95% of the time tokens
are obtained. This is with
HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\LogonOptions
set to "0".
I'm experimenting with setting the LogonOptions setting to "1" to see if
that clears up this issue. If having LogonOptions set to "1" is still
necessary to reliably get AFS tokens generated at login time, I'm
surprised we saw it work so often in the past with this registry key set
to "0".
Any other suggestions to ensure users receive AFS tokens at login time?
John
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
